
Protecting Control Systems with Safety Instrumented Systems (SIS)

December 28, 2021 by David Peterson

Safety is of utmost importance in the day-to-day operations of any system, especially a system where humans and machines work together. Learn all about Safety Instrumented Systems and what it takes to keep workers safe, and the system running smoothly!

Manufacturing has always required the implementation of proper safety methods. For as long as manufacturing has existed, simple and complex strategies have been adopted to minimize worker hazards, resulting in fewer deaths and injuries, as well as better working conditions for employees as the years go by.

Figure 1. Hydraulic systems, like this one used for metal cutting, require an SIS to protect both personnel and product.


Many industrial processes involve systems that are potentially very dangerous. Fluid pressures, extreme temperatures, and dangerous chemicals can turn an otherwise safe environment deadly with a single failure. For processes like these, dedicated safety instrumented systems (SIS) operate to contain failures and, as needed, bring operations down to a safe level or halt them entirely.


What is a Safety Instrumented System (SIS)?

A safety instrumented system (SIS) is a specific type of control network existing in facilities where at least a portion of the process could result in a dangerous situation, especially in the case of a failure. Usually, these processes consist of high pressures, temperatures, or chemicals that must be contained and monitored continually. Examples of such systems may include:



Figure 2. Industrial steam boilers are one example of a manufacturing system that requires SIS. 


Processes and machines must of course already have ordinary safety guards and procedures in place. The equipment and regulations surrounding an SIS are therefore reserved for those systems where a hazard is likely to be widespread and harmful to the people nearby.

The advent of programmable control systems brought an upgrade to safety systems as well. Smarter sensors, actuators, and logic programs respond to hazards and return a system to a safe operating level faster than any human operator could.

Since every industry and facility is different, what is considered "harmful effects" cannot be strictly defined by regulations. The guidelines define how hazards are analyzed and mitigated, and the SIS can then be evaluated by how much it will decrease the hazards after implementation.


Safety Instrumented System (SIS) Architecture and Design 

The actual components of the SIS might look quite similar to the standard control system. However, the SIS must be an entirely separate system, running alongside the existing control system. 

The SIS' objective is different from that of the control system. As the name implies, the control system is responsible for controlling the regular operation of the facility. Machines, processes, and parameters are all carefully monitored and controlled. Usually, sensors feed information to a PLC, which controls valves, actuators, and motor drives to keep the system running at an optimized pace.

In contrast, the SIS has one single purpose: return the facility to a safe state if any part of the process exceeds its dangerous limits. Excessive temperature or pressure, liquid levels too high or too low, even heavy vibration or harmonics must all be brought to a halt in a controlled fashion.

The components of the SIS may be exactly the same as those of the control system: sensors, gauges, valves, and actuators, all exchanging information with a central processing PLC. The SIS may consist of one or two smart components or an entire parallel control system, whatever the established needs require.


Risk Management Analysis With Safety Instrumented Systems (SIS) 

Engineers must carefully detail the hazards both before the SIS is designed and after the design is complete. First, the process must be shown to pose a great enough risk to warrant implementing the safety system. After implementation, the SIS must achieve a significant reduction in that risk to have accomplished its task.

The analysis process is similar to risk management studies performed in many other fields. In many ways, it is a blend of imagining worst-case scenarios and their impacts with statistical calculation of failure probabilities, which is why there is no simple formula to look up or calculate.

Risk management analysis uses a matrix format that compares the likelihood of a component or system failure against the severity of the consequences if that failure did occur. Usually, each critical component is graded on this matrix, allowing a more objective overall risk calculation.

If a failure event is unlikely to occur, and wouldn't really be significant anyway, then it's certainly not a high-risk failure. If it's unlikely, but a failure would be catastrophic (such as a Chernobyl or Fukushima level event), then the risk would undoubtedly increase. Suppose a failure is both very likely AND would be catastrophic. In that case, the risk analysis may lead to conclusions such as discontinuing operations if a safety system may not sufficiently reduce the risk.
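The likelihood-versus-severity grading described above, carried through in code as an added example (not from the article). The 1 to 5 scales, the band thresholds, and the convention that each tenfold risk reduction from an SIS moves a hazard one step down the likelihood scale are all constructed assumptions; a real study would take them from the site's own risk criteria.

```python
"""Risk-matrix grading for hazard analysis (added example; not from the article).

Assumptions (constructed for illustration):
  * likelihood and severity are each ranked 1..5;
  * risk score = likelihood rank x severity rank, then banded;
  * an SIS is modelled by how many orders of magnitude of risk reduction it
    provides, and each order moves the hazard one rank down the likelihood scale.
"""
from dataclasses import dataclass

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
SEVERITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}


@dataclass(frozen=True)
class Hazard:
    name: str
    likelihood: str  # key of LIKELIHOOD
    severity: str    # key of SEVERITY


def risk_band(score: int) -> str:
    """Map a 1..25 score to a qualitative band (thresholds are constructed)."""
    if score >= 15:
        return "intolerable"
    if score >= 8:
        return "undesirable"
    if score >= 4:
        return "tolerable"
    return "acceptable"


def grade(hazard: Hazard, likelihood_rank_reduction: int = 0) -> dict:
    """Score a hazard, optionally after an SIS lowers its likelihood rank."""
    l_rank = max(1, LIKELIHOOD[hazard.likelihood] - likelihood_rank_reduction)
    s_rank = SEVERITY[hazard.severity]
    score = l_rank * s_rank
    return {"likelihood_rank": l_rank, "severity_rank": s_rank,
            "score": score, "band": risk_band(score)}


def recommend(hazard: Hazard, sis_orders_of_reduction: int) -> str:
    """Decide whether an SIS is warranted and whether it reduces risk enough.

    Mirrors the article's reasoning: low risk needs no SIS; a hazard that
    stays intolerable even with the SIS argues for redesign or discontinuing
    the operation rather than relying on the safety system.
    """
    before = grade(hazard)
    after = grade(hazard, sis_orders_of_reduction)
    if before["band"] in ("acceptable", "tolerable"):
        return "no SIS warranted"
    if after["band"] == "intolerable":
        return "discontinue or redesign: SIS cannot reduce risk sufficiently"
    return f"SIS warranted; residual risk {after['band']}"


# Constructed sample hazards (not from any real facility).
SAMPLE_HAZARDS = [
    Hazard("gasket seep at drain line", "rare", "negligible"),
    Hazard("pressure vessel rupture", "unlikely", "catastrophic"),
    Hazard("runaway exothermic reaction", "almost certain", "catastrophic"),
]


def risk_register(hazards=SAMPLE_HAZARDS, sis_orders_of_reduction: int = 1) -> dict:
    """Grade every hazard before/after a one-order-of-magnitude SIS."""
    return {h.name: {"before": grade(h)["band"],
                     "after": grade(h, sis_orders_of_reduction)["band"],
                     "decision": recommend(h, sis_orders_of_reduction)}
            for h in hazards}


if __name__ == "__main__":
    for name, row in risk_register().items():
        print(f"{name:32s} {row['before']:12s} -> {row['after']:12s} {row['decision']}")
```

The register makes the two halves of the article's argument explicit: a hazard must grade high enough to justify an SIS at all, and the post-mitigation grade must land in a band the facility can live with.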


Functional Safety Standards and Determining Safety Integrity Levels (SIL)

Even the SIS itself is subject to risk analysis. The safety system must be as immune to failure as possible to be considered successful. 

For specific guidance on the design of this risk analysis, the standard used is IEC 61511, or the very similar document ISA-84.00.01. This standard not only provides requirements for the system hardware and software, but also the requirements for determining safety integrity levels (SIL). Each device has a reliability, that is, a probability that it might fail, and a higher likelihood of failure is obviously less acceptable in a safety system.

To achieve a certain level of safety, each device must meet or exceed a certain SIL. The entire SIS must meet or exceed a level of safety integrity, so each part of the system must be carefully analyzed.
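A worked SIL calculation for a single safety instrumented function, added here as an example and not taken from the article. It assumes the common simplified 1oo1 (single channel) approximation PFDavg = λDU × TI / 2 for each subsystem (dangerous undetected failure rate per hour times proof-test interval, halved), sums the sensor, logic solver and final element contributions, and maps the result onto the IEC 61511 low-demand PFDavg bands. The failure rates and test intervals are constructed sample values.

```python
"""SIL determination for a low-demand safety instrumented function (added example).

Assumptions:
  * each subsystem is a single channel (1oo1) and PFDavg ~= lambda_DU * T_I / 2,
    the usual simplified approximation;
  * the SIF's PFDavg is the sum of its sensor, logic solver and final element
    PFDavg values;
  * SIL bands are the IEC 61511 low-demand PFDavg ranges:
      SIL 4: 1e-5 <= PFD < 1e-4, SIL 3: 1e-4 <= PFD < 1e-3,
      SIL 2: 1e-3 <= PFD < 1e-2, SIL 1: 1e-2 <= PFD < 1e-1.
  * all numeric inputs below are constructed sample values, not vendor data.
"""

SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

# subsystem -> (lambda_DU in failures per hour, proof-test interval in hours)
SAMPLE_SIF = {
    "sensor": (1e-7, 8760.0),          # pressure transmitter, tested yearly
    "logic solver": (1e-8, 8760.0),    # safety PLC, tested yearly
    "final element": (5e-7, 8760.0),   # shutdown valve, tested yearly
}
# Same loop, but the valve is proof-tested monthly (730 h) instead of yearly.
TIGHTER_PROOF_TEST = {**SAMPLE_SIF, "final element": (5e-7, 730.0)}


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified average probability of failure on demand for one channel."""
    return lambda_du_per_hour * proof_test_interval_hours / 2


def sil_for_pfd(pfd: float) -> int:
    """Return the SIL (1..4) achieved by a PFDavg, or 0 if it fails SIL 1."""
    if pfd < 1e-5:
        raise ValueError("PFDavg below the range IEC 61511 defines bands for")
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def subsystem_pfds(sif: dict) -> dict:
    """PFDavg of each subsystem, keyed by name."""
    return {name: pfd_avg_1oo1(lam, ti) for name, (lam, ti) in sif.items()}


def sif_pfd_avg(sif: dict) -> float:
    """PFDavg of the whole function: subsystems in series, so contributions add."""
    return sum(subsystem_pfds(sif).values())


def sil_for_sif(sif: dict) -> int:
    return sil_for_pfd(sif_pfd_avg(sif))


def weakest_subsystem(sif: dict) -> str:
    """The subsystem contributing the most to PFDavg; the first place to improve."""
    pfds = subsystem_pfds(sif)
    return max(pfds, key=pfds.get)


def risk_reduction_factor(sif: dict) -> float:
    """RRF = 1 / PFDavg, the factor by which the SIF lowers demand-driven risk."""
    return 1.0 / sif_pfd_avg(sif)


if __name__ == "__main__":
    for label, sif in (("yearly valve test", SAMPLE_SIF), ("monthly valve test", TIGHTER_PROOF_TEST)):
        print(f"{label}: PFDavg={sif_pfd_avg(sif):.2e} SIL {sil_for_sif(sif)} "
              f"RRF={risk_reduction_factor(sif):.0f} weakest={weakest_subsystem(sif)}")
```

Because the subsystems add, the whole function can never be better than its worst element; in the sample the shutdown valve dominates, and shortening only its proof-test interval is what lifts the loop from SIL 2 to SIL 3. That is the point of analysing each part of the system separately rather than the SIS as a whole.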

Manufacturing is a notoriously dangerous job, fraught with countless OSHA regulations. To best keep your facility and its workers safe, implement an SIS and evaluate any and all risks. What are some risks you didn't realize you had in your facility?